[Bug tree-optimization/102706] [12 regression] -O2 vectorization causes regression in Warray-bounds-48.c on many targets

Tue, 12 Oct 2021 09:36:33 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102706

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |crazylht at gmail dot com
           Keywords|                            |diagnostic
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
             Blocks|                            |56456
   Last reconfirmed|                            |2021-10-12

--- Comment #1 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed.  The root cause is similar as in the test case in pr102462 comment
4.  Here, in addition to the expected -Warray-bounds (from the vrp1 pass) for
the invalid subscripts (before vectorization) the code also triggers
-Wstringop-overflow (from the strlen pass) for the two valid stores to p->ax at
indices 0 and 1 vectorized with the subsequent two stores.  See the dumps
below.

Hongtao and I have been discussing the fallout of the autovectorization change
in the context of the following review:
https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581371.html

Hongtao, we could use this bug to track case (2)  that you described in your
reply this morning in the thread above.

$ cat pr102706.c && /build/iq2000-elf/gcc-master/gcc/xgcc -B
/build/iq200f/gcc-master/gcc -O2 -S -Wall -fdump-tree-vrp1=/dev/stdout
-fdump-tree-strlen=/dev/stdout pr102706.c
typedef __INT16_TYPE__ int16_t;
typedef __INT32_TYPE__ int32_t;

void sink (void*);

/* Exercise a true flexible member.  */

struct AX
{
  int32_t n;
  int16_t ax[];     // { dg-message "while referencing 'ax'" "member" }
};

static void warn_ax_local_buf (struct AX *p)
{
  p->ax[0] = 4; p->ax[1] = 5;

  p->ax[2] = 6;     // { dg-warning "\\\[-Warray-bounds" }
  p->ax[3] = 7;     // { dg-warning "\\\[-Warray-bounds" }
  p->ax[4] = 8;     // { dg-warning "\\\[-Warray-bounds" }
}


void g (void)
{
  /* Verify out-of-bounds access to the local BUF is diagnosed.  */
  char ax_buf_p2[sizeof (struct AX) + 2 * sizeof (int16_t)];
  warn_ax_local_buf ((struct AX*) ax_buf_p2);
  sink (ax_buf_p2);
}

;; Function g (g, funcdef_no=1, decl_uid=1438, cgraph_uid=2, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }

Value ranges after VRP:



In function 'warn_ax_local_buf',
    inlined from 'g' at pr102706.c:28:3:
pr102706.c:18:8: warning: array subscript 2 is above array bounds of
'int16_t[]' {aka 'short int[]'} [-Warray-bounds]
   18 |   p->ax[2] = 6;     // { dg-warning "\\\[-Warray-bounds" }
      |   ~~~~~^~~
pr102706.c: In function 'g':
pr102706.c:11:11: note: while referencing 'ax'
   11 |   int16_t ax[];     // { dg-message "while referencing 'ax'" "member" }
      |           ^~
In function 'warn_ax_local_buf',
    inlined from 'g' at pr102706.c:28:3:
pr102706.c:19:8: warning: array subscript 3 is above array bounds of
'int16_t[]' {aka 'short int[]'} [-Warray-bounds]
   19 |   p->ax[3] = 7;     // { dg-warning "\\\[-Warray-bounds" }
      |   ~~~~~^~~
pr102706.c: In function 'g':
pr102706.c:11:11: note: while referencing 'ax'
   11 |   int16_t ax[];     // { dg-message "while referencing 'ax'" "member" }
      |           ^~
In function 'warn_ax_local_buf',
    inlined from 'g' at pr102706.c:28:3:
pr102706.c:20:8: warning: array subscript 4 is above array bounds of
'int16_t[]' {aka 'short int[]'} [-Warray-bounds]
   20 |   p->ax[4] = 8;     // { dg-warning "\\\[-Warray-bounds" }
      |   ~~~~~^~~
pr102706.c: In function 'g':
pr102706.c:11:11: note: while referencing 'ax'
   11 |   int16_t ax[];     // { dg-message "while referencing 'ax'" "member" }
      |           ^~
void g ()
{
  char ax_buf_p2[8];

  <bb 2> [local count: 1073741824]:
  MEM[(struct AX *)&ax_buf_p2].ax[0] = 4;
  MEM[(struct AX *)&ax_buf_p2].ax[1] = 5;
  MEM[(struct AX *)&ax_buf_p2].ax[2] = 6;
  MEM[(struct AX *)&ax_buf_p2].ax[3] = 7;
  MEM[(struct AX *)&ax_buf_p2].ax[4] = 8;
  sink (&ax_buf_p2);
  ax_buf_p2 ={v} {CLOBBER};
  return;

}



;; Function g (g, funcdef_no=1, decl_uid=1438, cgraph_uid=2, symbol_order=1)

;; 1 loops found
;;
;; Loop 0
;;  header 0, latch 1
;;  depth 0, outer -1
;;  nodes: 0 1 2
;; 2 succs { 1 }
In function 'warn_ax_local_buf',
    inlined from 'g' at pr102706.c:28:3:
pr102706.c:16:12: warning: writing 4 bytes into a region of size 0
[-Wstringop-overflow=]
   16 |   p->ax[0] = 4; p->ax[1] = 5;
      |   ~~~~~~~~~^~~
pr102706.c: In function 'g':
pr102706.c:27:8: note: at offset 8 into destination object 'ax_buf_p2' of size
8
   27 |   char ax_buf_p2[sizeof (struct AX) + 2 * sizeof (int16_t)];
      |        ^~~~~~~~~
void g ()
{
  int16_t * vectp.5;
  vector(2) short int * vectp_ax_buf_p2.4;
  char ax_buf_p2[8];

  <bb 2> [local count: 1073741824]:
  MEM <vector(2) short int> [(short int *)&ax_buf_p2 + 4B] = { 4, 5 };
  MEM <vector(2) short int> [(short int *)&ax_buf_p2 + 8B] = { 6, 7 };
  MEM[(struct AX *)&ax_buf_p2].ax[4] = 8;
  sink (&ax_buf_p2);
  ax_buf_p2 ={v} {CLOBBER};
  return;

}


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=56456
[Bug 56456] [meta-bug] bogus/missing -Warray-bounds

Reply via email to